Hi All,
We are working on mitigating the Log4j2 vulnerability by removing the JndiLookup class as described here:
We are using version 7.9.2 for all ELK components and currently we can't upgrade to newer version.
My question, is the JndiLookup being used by logstash ? Is there any impact expedted if it was removed or it is safe to remove it?
Thanks a lot
Not unless you have configured your log4j2.properties to contain a JNDI lookup. (This would be very unusual, and is definitely not something you could do by accident.)
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.